jasdak

Ravelry PHP OAuth 1.0a

Aug 17th, 2014
  1. <?php
  2. /*
  3.     A lot of this code was modified from Jason Graves' tutorial at:
  4.     http://collaboradev.com/2011/04/01/twitter-oauth-php-tutorial/
  5.    
  6.     A really good spec sheet for OAuth 1.0a is at:
  7.     http://oauth.net/core/1.0a/
  8.    
  9.     This file needs to be named ravelry.php (or whatever filename is specified in oauth_callback) so that the callback URL sends the user back to this script
  10.    
  11.     Replace 3 things:
  12.     1) $consumerKey
  13.     2) $consumerSecret
  14.     3) oauth_callback
  15.    
  16.     The flow of OAuth 1.0a for Ravelry is as follows:
  17.     1)  Send a CURL request to:
  18.             https://www.ravelry.com/oauth/request_token
  19.         and get back a request token:
  20.             oauth_token=XXXXX&oauth_token_secret=XXXXX&oauth_callback_confirmed=true
  21.            
  22.     2)  Do an automatic redirect to:
  23.             https://www.ravelry.com/oauth/authorize?oauth_token={oauth_token that you just got back from request_token above}
  24.            
  25.     3)  User will now be asked by Ravelry if they authorize your application
  26.    
  27.     4)  If user approves the access, then Ravelry will direct user back to the URL specified in oauth_callback from step 1
  28.    
  29.     5)  User will now be back at page specified at oauth_callback and will be provided with the following:
  30.             [username] => XXXX
  31.             [oauth_token] => XXXX
  32.             [oauth_verifier] => XXXX
  33.            
  34.     6)  Send a CURL request to:
  35.             https://www.ravelry.com/oauth/access_token
  36.         and get back your access token:
  37.             oauth_token=XXXX&oauth_token_secret=XXXX
  38. */
  39.  
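  // Fail closed when the credentials have not been configured. On PHP 7 and
  // earlier an undefined bare constant evaluates to its own name as a string,
  // so without this check the script would sign requests with the literal
  // placeholder text instead of stopping.
  // Define both constants in a configuration file that is not served by the
  // web server and is not committed to version control.
  if (!defined('RAVELRY_API_ACCESS_KEY') || !defined('RAVELRY_API_SECRET_KEY')) {
      http_response_code(500);
      exit('Ravelry API credentials are not configured.');
  }

  // The session carries the request token and its secret between the two
  // halves of the flow (see the $_SESSION writes further down).
  // NOTE(review): confirm in php.ini that session cookies are HttpOnly and,
  // once the site is served over HTTPS, Secure.
  session_start();

  $consumerKey    = RAVELRY_API_ACCESS_KEY;
  $consumerSecret = RAVELRY_API_SECRET_KEY;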
  44.  
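  /**
   * Builds the OAuth 1.0a signature base string for a POST request.
   *
   * Parameter names and values are both percent-encoded, the encoded pairs are
   * sorted by name in byte order, joined with '&', and the result is appended
   * (encoded once more) to the method and the encoded URI. The original only
   * encoded the values and used the default sort flags; for the plain oauth_*
   * names this file passes the output is unchanged.
   *
   * The HTTP method is fixed to POST, which matches what sendRequest() sends.
   *
   * @param string $baseURI the URI of the request being signed
   * @param array $params the OAuth associative array (name => value)
   * @return string the encoded base string
  **/
  function buildBaseString($baseURI, $params){
      $encoded = array();
      foreach ($params as $key => $value) {
          // Encode names as well as values: the signature covers both, and a
          // name containing reserved characters would otherwise produce a base
          // string the server cannot reproduce.
          $encoded[rawurlencode((string) $key)] = rawurlencode((string) $value);
      }

      // SORT_STRING keeps the ordering purely byte-wise, so numeric-looking
      // names are not compared as numbers.
      ksort($encoded, SORT_STRING);

      $pairs = array();
      foreach ($encoded as $key => $value) {
          $pairs[] = $key . '=' . $value;
      }

      return 'POST&' . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $pairs));
  }//end buildBaseString()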
  61.  
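  /**
   * Builds the HMAC signing key: encoded consumer secret, '&', encoded token secret.
   *
   * Despite its name, the second argument is the token *secret*, not the token
   * itself: the callback branch of this script passes
   * $_SESSION['oauth_token_secret_request']. For the initial request-token
   * call there is no token secret yet and the part after '&' is empty.
   *
   * Both arguments are cast to string so that a null token secret yields the
   * empty string without the PHP 8.1+ deprecation notice for passing null to
   * rawurlencode().
   *
   * The returned value is secret material; keep it out of logs and output.
   *
   * @param string $consumerSecret the application's consumer secret
   * @param string|null $requestToken the token secret, or null/'' when none has been issued yet
   * @return string the composite key.
  **/
  function getCompositeKey($consumerSecret, $requestToken){
      return rawurlencode((string) $consumerSecret) . '&' . rawurlencode((string) $requestToken);
  }//end getCompositeKey()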
  71.  
  /**
   * Renders the OAuth parameters as a single "Authorization: OAuth ..." header line.
   *
   * Each entry becomes name="value" with the value percent-encoded; entries are
   * emitted in the array's own order and separated by ", ". Names are written
   * as given, without encoding.
   *
   * The resulting line contains the request signature and any token passed in,
   * so treat it like a credential when logging or debugging.
   *
   * @param array $oauth the oauth array.
   * @return string the authorization header.
  **/
  function buildAuthorizationHeader($oauth){
      $pairs = array();
      foreach (array_keys($oauth) as $name) {
          // name="percent-encoded value"
          $pairs[] = sprintf('%s="%s"', $name, rawurlencode($oauth[$name]));
      }

      return 'Authorization: OAuth ' . implode(', ', $pairs);
  }//end buildAuthorizationHeader()
  87.  
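  /**
   * Sends a signed POST with an empty body to an OAuth endpoint.
   *
   * TLS certificate and host name verification are enabled. The original set
   * CURLOPT_SSL_VERIFYPEER to false, which lets anyone on the network path
   * impersonate the endpoint and read or replace the token and token secret
   * in the response. If verification fails on a host with an outdated CA
   * bundle, fix the bundle (curl.cainfo in php.ini) rather than turning
   * verification off again.
   *
   * @param array $oauth the oauth array, including oauth_signature
   * @param string $baseURI the request URI
   * @return string|false the response body, or false when the transfer failed
  **/
  function sendRequest($oauth, $baseURI){
      // 'Expect:' with no value suppresses cURL's "Expect: 100-continue" header.
      $header = array(buildAuthorizationHeader($oauth), 'Expect:');

      $options = array(
          CURLOPT_HTTPHEADER     => $header, // authorization + expect headers
          CURLOPT_HEADER         => false,   // response body only
          CURLOPT_URL            => $baseURI,
          CURLOPT_POST           => true,    // the base string is signed as POST
          CURLOPT_POSTFIELDS     => "",      // empty body; all parameters travel in the header
          CURLOPT_RETURNTRANSFER => true,    // return the body instead of echoing it
          CURLOPT_SSL_VERIFYPEER => true,    // validate the certificate chain
          CURLOPT_SSL_VERIFYHOST => 2,       // and that the certificate matches the host name
          CURLOPT_CONNECTTIMEOUT => 10,      // do not let an unreachable endpoint hang the worker
          CURLOPT_TIMEOUT        => 30,
      );

      $ch = curl_init();
      if ($ch === false) {
          return false;
      }

      curl_setopt_array($ch, $options);
      $response = curl_exec($ch);

      if ($response === false) {
          // Record why the transfer failed (for example a certificate error)
          // so that TLS problems are visible rather than silently ignored.
          error_log('OAuth request failed: ' . curl_error($ch));
      }

      curl_close($ch);

      return $response;
  }//end sendRequest()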
  112.  
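  // Two-phase OAuth 1.0a flow. Requires PHP 7+ (random_bytes, hash_equals).
  //
  // Changes from the original listing:
  //  - the nonce is random instead of time(), which was predictable and
  //    identical for every request made within the same second;
  //  - the callback is only honoured when its oauth_token matches the request
  //    token this session obtained, and that token is then discarded;
  //  - endpoint responses are checked before their fields are used;
  //  - the redirect value is URL-encoded and the script stops after redirecting;
  //  - the access token response is HTML-escaped before it is printed.

  //test if this page is being loaded from the callback after authorization
  if ( isset($_GET['oauth_verifier']) && isset($_GET['oauth_token']) ) {

      $requestToken       = isset($_SESSION['oauth_token_request']) ? $_SESSION['oauth_token_request'] : null;
      $requestTokenSecret = isset($_SESSION['oauth_token_secret_request']) ? $_SESSION['oauth_token_secret_request'] : null;

      // Reject callbacks that do not belong to a request token issued to this
      // session, and array-valued query parameters (oauth_token[]=...).
      if ( !is_string($_GET['oauth_verifier']) || !is_string($_GET['oauth_token'])
          || !is_string($requestToken) || !is_string($requestTokenSecret)
          || !hash_equals($requestToken, $_GET['oauth_token']) ) {
          http_response_code(400);
          exit('Invalid or expired OAuth callback.');
      }

      // A request token is exchanged once; drop it so the callback cannot be replayed.
      unset($_SESSION['oauth_token_request'], $_SESSION['oauth_token_secret_request']);

      //get access token
      $baseURI    = 'https://www.ravelry.com/oauth/access_token';
      $nonce      = bin2hex(random_bytes(16)); //unique, unpredictable value per request
      $timestamp  = time();
      $oauth      = array('oauth_consumer_key' => $consumerKey,
                      'oauth_token' => $requestToken,
                      'oauth_signature_method' => 'HMAC-SHA1',
                      'oauth_timestamp' => $timestamp,
                      'oauth_nonce' => $nonce,
                      'oauth_version' => '1.0',
                      'oauth_verifier' => $_GET['oauth_verifier']);

      $baseString = buildBaseString($baseURI, $oauth); //build the base string

      $compositeKey = getCompositeKey($consumerSecret, $requestTokenSecret); //sign with the request token secret
      $oauth_signature = base64_encode(hash_hmac('sha1', $baseString, $compositeKey, true)); //sign the base string

      $oauth['oauth_signature'] = $oauth_signature; //add the signature to our oauth array

      $response = sendRequest($oauth, $baseURI); //make the call

      if ($response === false) {
          http_response_code(502);
          exit('Could not reach the access token endpoint.');
      }

      // Demonstration output only: the response holds oauth_token and
      // oauth_token_secret. A real application stores them server-side and
      // does not render them. Escaped so the body cannot be interpreted as HTML.
      echo htmlspecialchars($response, ENT_QUOTES, 'UTF-8');

  }
  else {
      //get request token
      $baseURI = 'https://www.ravelry.com/oauth/request_token';
      $nonce = bin2hex(random_bytes(16)); //unique, unpredictable value per request
      $timestamp = time();
      // Use an https:// callback: the verifier is returned in this URL's query
      // string and the session cookie travels with the same request.
      $oauth = array('oauth_callback' => 'https://YOURDOMAIN.com/oauth/ravelry.php',
                    'oauth_consumer_key' => $consumerKey,
                    'oauth_nonce' => $nonce,
                    'oauth_signature_method' => 'HMAC-SHA1',
                    'oauth_timestamp' => $timestamp,
                    'oauth_version' => '1.0');

      $baseString = buildBaseString($baseURI, $oauth); //build the base string

      $compositeKey = getCompositeKey($consumerSecret, ''); //first request, no token secret yet
      $oauth_signature = base64_encode(hash_hmac('sha1', $baseString, $compositeKey, true)); //sign the base string

      $oauth['oauth_signature'] = $oauth_signature; //add the signature to our oauth array

      $response = sendRequest($oauth, $baseURI); //make the call

      if ($response === false) {
          http_response_code(502);
          exit('Could not reach the request token endpoint.');
      }

      //parse response into associative array, decoding each name and value
      $responseArray = array();
      foreach (explode('&', $response) as $pair) {
          $kv = explode('=', $pair, 2);
          if (count($kv) === 2) { //skip fragments without '=' (e.g. an error body)
              $responseArray[rawurldecode($kv[0])] = rawurldecode($kv[1]);
          }
      }//end foreach

      // An error body or a 1.0 (non-"a") response must not be treated as a token.
      if ( !isset($responseArray['oauth_token'], $responseArray['oauth_token_secret'], $responseArray['oauth_callback_confirmed'])
          || $responseArray['oauth_token'] === ''
          || $responseArray['oauth_callback_confirmed'] !== 'true' ) {
          http_response_code(502);
          exit('Unexpected response from the request token endpoint.');
      }

      //get oauth_token from response
      $oauth_token = $responseArray['oauth_token'];
      $_SESSION['oauth_token_request'] = $responseArray['oauth_token'];

      $_SESSION['oauth_token_secret_request'] = $responseArray['oauth_token_secret'];

      //redirect for authorization; stop here so nothing else runs or is sent after the redirect
      header('Location: https://www.ravelry.com/oauth/authorize?oauth_token=' . rawurlencode($oauth_token));
      exit;

  }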
  180.  
  181. ?>